Table of Contents
Advertisement
Chapter 40
Configuring 802.1X Authentication
Setting the Back-End Authenticator-to-Authentication-Server Retransmission
Time for the Transport Layer Packets
The authentication server notifies the back-end authenticator each time that it receives a transport layer
packet. When the back-end authenticator does not receive a notification after sending a packet, the
back-end authenticator waits a set period of time and then retransmits the packet. You may set the
amount of time that the back-end authenticator waits for notification from 1–65535 seconds. (The
default is 30 seconds.)
To set the value for the retransmission of transport layer packets from the back-end authenticator to the
authentication server, perform this task in privileged mode:
Task
Set the back-end authenticator-to-authentication-server
retransmission time for the transport layer packets.
This example shows how to set the value for the retransmission time for the transport layer packets that
are sent from the back-end authenticator to the authentication server to 15 seconds:
Console> (enable) set dot1x server-timeout 15
dot1x server-timeout set to 15 seconds.
Console> (enable)
Setting the Back-End Authenticator-to-Host Frame-Retransmission Number
The authentication server notifies the back-end authenticator each time that it receives a specific number
of frames. When the back-end authenticator does not receive this notification after sending the frames,
the back-end authenticator waits a set period of time and then retransmits the frames. You may set the
number of frames that the back-end authenticator retransmits from 1–10 (the default is 2).
To set the number of frames that are retransmitted from the back-end authenticator to the host, perform
this task in privileged mode:
Task
Set the back-end authenticator-to-host frame
retransmission number.
This example shows how to set the number of retransmitted frames that are sent from the back-end
authenticator to the host to 4:
Console> (enable) set dot1x max-req 4
dot1x max-req set to 4.
Console> (enable)
Setting the Critical Recovery Delay for an Authentication Feature
You can set the critical recovery delay for each authentication feature. By default, critical recovery delay
is disabled. The critical recovery delay can be set between 1–10000 milliseconds. Ports enabled with the
critical recovery delay feature will be moved to the "critical" state when the RADIUS server is not
OL-8978-04
Command
set dot1x max-req count
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring 802.1X Authentication on the Switch
Command
set dot1x server-timeout seconds
40-21
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
